CISM Certified Information Security Manager – Question 1139

An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RFP) is the:

A. references from other organizations.
B. past experience of the engagement team.
C. sample deliverable.
D. methodology used in the assessment.

Correct Answer: D

Explanation:
Methodology illustrates the process and formulates the basis to align expectations and the execution of the assessment. This also provides a picture of what is required of all parties involved in the assessment. References from other organizations are important, but not as important as the methodology used in the assessment. Past experience of the engagement team is not as important as the methodology used. Sample deliverables only tell how the assessment is presented, not the process.